CVE-2024-47721 Information

Nov 01, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading

The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn’t implemented but driver expects number of handlers is NUM_OF_RTW89_MAC_C2H_FUNC_WOW causing out-of-bounds access. Fix it by removing ID.

Addresses-Coverity-ID: 1598775 (\Out-of-bounds read)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Reference

https://git.kernel.org/stable/c/10463308b9454f534d03300cf679bc4b3d078f46 https://git.kernel.org/stable/c/2c9c2d1a20916589497a7facbea3e82cabec4ab8 https://git.kernel.org/stable/c/56310ddb50b190b3390fdc974aec455d0a516bd2

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.1

Share on: